Terraform drift detection using GitHub actions

tjtharrison
6 min readNov 7, 2023

If you use Terraform for managing your infrastructure as code, it is important to know when the current state of your infrastructure is different to the infrastructure you have specified in your repository.

Here is Hashicorp’s article on Terraform drift to explain in more detail: https://www.hashicorp.com/blog/detecting-and-managing-drift-with-terraform

In this article I’m going to be covering how to use a scheduled GitHub actions workflow to detect when this “drift” has occurred and send a message to a Slack channel notifying you of the differences.

Photo by Roberto H on Unsplash

Prerequisites

The example workflow I’ll be sharing covers installing infrastructure in AWS using Terraform. If this is the scenario you wish to be detecting drift in — You’ll need to have your GitHub runners already able to talk to AWS — I won’t be covering this in this article.

Further to the above, you will also require:

  • A GitHub repository containing your Terraform
  • The ability to create Slack incoming webhooks in your Slack team

The example we’re going to be using has multiple Terraform directories that are deployed using a matrix (if you do not have multiple directories — I’ll make a note of the changes required to the workflow).

--

--

tjtharrison
tjtharrison

Written by tjtharrison

DevSecOps | Security | Infrastructure

No responses yet